LDAP - Allowing user to change his own attributes

Cameron Dalton
Greenhorn

Joined: Nov 14, 2008
Posts: 19
I have a number of tasks in a project I'm working on that require LDAP password policy settings, like remembering password history, locking the account after x number of failures, and one is that a user must change his password after an administrator resets it.

My Java code can successfully change a password if logged in as the admin (e.g. cn=root), but when I attempt to connect as the user with his credentials, I get a NoPermissionException (error code 50). Then I tried changing other attributes of that user (while logged in as the user), and I get the same NoPermissionException.

What do I need to do to make changes in my LDAP directory as the logged-in user? I can't just log in as the admin to make the change because then the password complexity rules aren't enforced (since the admin can do whatever he wants).

Thank you very much for your help.
Cameron Dalton
Greenhorn

Joined: Nov 14, 2008
Posts: 19
I think I've decided that this is a server issue.

I've been attempting to configure the permissions so that all users have write access to their own record, and my server config claims to have this ability, but that's giving me additional problems. In any case, that's a question for a completely different forum.
Will Lam
Greenhorn

Joined: Aug 31, 2011
Posts: 1
Hi,

I've encountered exactly the same problem as you.

How did you make it out? I know it was a long time ago. Would you mind sharing your code?

Thanks.
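The self-service change discussed in this thread, as an added JNDI example that is not code from any poster: it binds as the user rather than the admin, so the server applies its password policy, and it reports error 50 as the server-side ACL problem the thread arrives at. The class name, the `userPassword` attribute, the `ldaps://` requirement and the command-line arguments are assumptions; some servers use a different password attribute.

```java
import java.io.Console;
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.NoPermissionException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.InvalidAttributeValueException;
import javax.naming.directory.ModificationItem;

public class SelfPasswordChange {   // hypothetical class name
    public static void main(String[] args) {
        Console con = System.console();   // prompt, so passwords never appear in argv
        if (args.length != 2 || con == null || !args[0].startsWith("ldaps://")) {
            // A simple bind sends the password as-is, so only TLS URLs are accepted.
            System.err.println("usage (interactive): SelfPasswordChange <ldaps-url> <user-dn>");
            return;
        }
        String userDn = args[1];
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, args[0]);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);   // bind as the user, not cn=root
        env.put(Context.SECURITY_CREDENTIALS, new String(con.readPassword("Current password: ")));
        String newPw = new String(con.readPassword("New password: "));
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);
            // Assumed attribute name; replace it on the user's own entry.
            ModificationItem[] mods = { new ModificationItem(
                    DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userPassword", newPw)) };
            ctx.modifyAttributes(userDn, mods);
            System.out.println("Password changed for " + userDn);
        } catch (AuthenticationException e) {            // LDAP result 49
            System.err.println("Bind failed: wrong DN or current password");
        } catch (NoPermissionException e) {              // LDAP result 50
            System.err.println("Server ACL does not let this entry write its own userPassword");
        } catch (InvalidAttributeValueException e) {     // typically LDAP result 19
            System.err.println("Server rejected the new value: " + e.getMessage());
        } catch (NamingException e) {
            System.err.println("LDAP error: " + e);
        } finally {
            if (ctx != null) try { ctx.close(); } catch (NamingException ignored) { }
        }
    }
}
```

If this still ends in the error 50 branch, the client code is not at fault: the directory's access control has to grant each entry write access to the attributes it may change on itself.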